Showing results for 
Search instead for 
Did you mean: 

Dynamic VPN Tunnel

Level 1
Level 1

Hi All

I need to setup a connection from a remote place to my headoffice


The remote place runs on home broadband router and has only 1 public IP. I could use an internal ip given by them


for example: public IP is

private IP:


The remote place has only basic broadband router so can do natting from private IP to Public IP

Question is - can I setup a Dynamic Site 2 Site vpn to my head office? (Can I use on my firewall external and initiate the tunnel to headoffice public IP? the return traffic would be to broadband router which will be NATd back to my firewall in remote place - will this work?)



3 Replies 3


You don't state which hardware you are using, but I assume ASA. As long as you can nat UDP 500/4500 from the broadband router to the private IP address of the FW, it should establish a VPN to the main site.



For quite some time, NAT and VPNs work together. The spoke can be behind dynamic NAT/PAT, the Hub can be behind a static NAT without limiting the functionality.

So in general, it will work. But based on the rest of the setup and the devices and software versions involved, there can be some challenges.

Just go on and if you face some problems ask again for help.

Sorry its a Cisco on both ends


The issue is the broadband router (ISP) router is not capable of doing this. so thought a dynamic tunnel would help but can that work on an internal address and natd when it goes out through broadband router?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: